Centralized Log
Centralizing the log is a method to redirect your log to a separate file and save it. Centralizing the log in a file is always helpful if you want to transmit it to a third-party application like Splunk or Logstash.
To check the status of the Chef Automate from deployment with channel and type, run the following command:
chef-automate status
Viewing Logs
To view the logs, run the following command:
journalctl -u chef-automate -f
Click here to learn more about Log Management.
Prerequisites
The Operating system has two modules that should be present in your environment:
- Rsyslog
- Log Rotate
The above modules come by default with all the operating systems we support.
Centralize the Log in a File
Once you centralize the log, you can run the above command sparingly to check the log. The configuration to centralize the log in a file is shown below:
[global.v1.log]
redirect_sys_log = true //centralize the log
redirect_log_file_path = "PATH OF THE LOG FILE" //set the location of the log file. syntax: /var/tmp/
In the above specifications:
- Setting the property
redirect_sys_log
to true will centralize the log in a document format. - The default location of the log file is
/var/tmp/
as shown above. You can save the log file in your desired locations and mention the location in the aboveredirect_log_file_path
property.
Note
- The default value of
redirect_sys_log
is false. - If the value of
redirect_sys_log
is set to true, it is necessary to mention the file’s location in theredirect_log_file_path
property, or it will throw an error:Please specify a log path location using redirect_log_file_path
.
Patch the Log Configuration
Once you have created the automate.log file, patch the above configurations to chef automate. Patching the configuration will start transmitting the automate.log
file wherever the location is specified in redirect_log_file_path
.
sudo chef-automate config patch config.toml
Configuring Log Rotation and Retention
The centralizing log also comes with log rotation with the following specifications:
[global.v1.log]
redirect_sys_log = true ##centralize the log
redirect_log_file_path = "/var/tmp/" ##set the location of the log file
compress_rotated_logs = true ##compress the log file
max_size_rotate_logs = "10M" ##set the max size of the file. syntax: 10M, 90k
max_number_rotated_logs = 10 ##number of backup files to be stored
In the above specifications:
- To compress the logs, set the value of
compress_rotated_logs
to true. The default value ofcompress_rotated_logs
is false. - The
max_size_rotate
property sets the limit after which you want to rotate the log. The default value ofmax_size_rotate
is 10M, i.e., the logs will rotate once the file size reaches the limit of 10Mb. You can also set the value ofmax_size_rotate
in KB. - The
max_number_rotated_logs
property sets the number of file logs you want to save in your backup. Using this property, you can limit the number of backup files in your storage. The maximum number of log files you can store is 10 per day.
Note
max_number_rotated_logs
is 10M. If you don’t want to keep more than one log file in your storage, set the value of max_number_rotated_logs
to 1.Configure Logs for OpenSearch in Chef Automate HA
To configure the centralizing log feature for OpenSearch in Chef Automate HA, run the following command:
chef-automate config patch --opensearch <file/path/to/toml>
Configure Logs for PostgreSQL in Chef Automate HA
To configure the centralizing log feature for PostgreSQL in Chef Automate HA, run the following command:
chef-automate config patch --postgresql <file/path/to/toml>
Log Consolidation using Splunk
Splunk consolidates all the log data and pushes it to a central, accessible, easy-to-use interface. Here, the Splunk forwarder here will view the data outside the local environment. Assuming that you already have your Splunk forwarder installed, run the following command to start Splunk Universal forwarder:
[system@ABC]# cd splunkforwarder/bin
[system@ABC]# ./splunk start --accept-license
The above command will start your spunk forwarder.
Now, edit the inputs.conf
file on your Splunk Forwarder as shown below:
[system@ABC]# ./splunk add monitor /var/tmp/automate.log
In the above command, /var/tmp/ is the location of the automate.log
, which you can change accordingly. Running the above command will show the following:
Added monitor of '/var/tmp/automate.log'
The above statement confirms that the value of the monitor in input.conf
has been updated to var/tmp/automate.log
. Open the input.conf
file just to confirm whether the content in the file is as expected. The expected content is:
[monitor:///var/tmp/automate.log]
disabled = false
Restart your splunk forwarder using the following command:
[system@ABC]# ./splunk restart
The above step will let you view the automate.log
file in your splunk forwarder. Click here to know about the Splunk Forwarder.
Was this page helpful?